60205 2004-08-13 03:09 0000 app-text/acroread vulnerability in acroread 2004-08-15 07:58:52 0000 1 1 1 Unclassified Gentoo Security GLSA Errors unspecified All All RESOLVED FIXED http://idefense.com/application/poi/display?id=125&type=vulnerabilities&flashstatus=true B2 [glsa] jaervosz P2 normal --- 1 bauer@dmsb.de security@gentoo.org schaedpq2@gmx.de bauer@dmsb.de 2004-08-13 03:09:45 0000 Hi, acroread seems vulnerable to this security-issue. The current version in portage (5.08) is not confirmed as vulnerable, but it says "While it is not clear exactly when the vulnerability was patched, iDEFENSE has tested Adobe Acrobat Reader (UNIX) 5.0.9, which appears to be patched against this vulnerability." http://idefense.com/application/poi/display?id=125&type=vulnerabilities&flashstatus=true plasmaroo@gentoo.org 2004-08-13 03:23:30 0000 I've now marked 5.09 stable on x86, security team: please vote on a GLSA. plasmaroo@gentoo.org 2004-08-13 03:33:58 0000 The README has this to say: == New for Acrobat Reader 5.0.9 A security patch was applied that solves a couple of problems reported with malformed uuencoded pdf files. == So < 5.09 should be vulnerable. schaedpq2@gmx.de 2004-08-13 07:19:14 0000 One of the bugs fixed in 5.09 seems to be this one: Shell Metacharacter Code Execution Vulnerability <http://idefense.com/application/poi/display?id=124&type=vulnerabilities> Might be a good idea to include that vulnerability in the GLSA. jaervosz@gentoo.org 2004-08-14 00:57:49 0000 I vote for a GLSA on this one and have drafted one already. Security please review or vote nay to GLSA. Thx Dominik jaervosz@gentoo.org 2004-08-15 07:58:52 0000 GLSA 200408-14